Description
A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. Manipulation of the argument webpage causes a stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-29
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A stack-based buffer overflow exists in the formSetPassword function of the Belkin F9K1122 Parameter Handler. Manipulation of the webpage argument can overflow a stack buffer, enabling an attacker to execute arbitrary code on the device. The vulnerability is identified as CWE-119 and CWE-121.

Affected Systems

The affected vendor is Belkin. The impacted product is the F9K1122 router running firmware version 1.00.33. No other products or versions are listed in the advisory.

Risk and Exploitability

The CVSS base score is 8.7, indicating high severity, and the exploit is publicly available. No EPSS score is published, and the vulnerability is not listed in the CISA KEV catalog. Attackers can use network-based HTTP requests to the /goform/formSetPassword endpoint to trigger the overflow, so the attack vector is remote network access. Due to the high severity and public exploit, the risk is significant.

Generated by OpenCVE AI on March 29, 2026 at 12:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify whether a newer firmware version than 1.00.33 is available from Belkin and install the patched firmware.
  • If no patch is released, block or restrict unauthenticated POST requests to /goform/formSetPassword by firewall or ACL to mitigate exploitation.
  • Continuously monitor router logs for anomalous traffic and consider replacing the device if remediation cannot be achieved.

Advisories

No advisories yet.

History

Sun, 29 Mar 2026 11:30:00 +0000

Values added (no values removed):

Description: A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. Manipulation of the argument webpage causes a stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title: Belkin F9K1122 Parameter formSetPassword stack-based overflow
First Time appeared: Belkin; Belkin f9k1122 Firmware
Weaknesses: CWE-119, CWE-121
CPEs: cpe:2.3:o:belkin:f9k1122_firmware:*:*:*:*:*:*:*:*
Vendors & Products: Belkin; Belkin f9k1122 Firmware
References:
Metrics:
  cvssV2_0: score 9, vector AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
  cvssV3_0: score 8.8, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
  cvssV3_1: score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
  cvssV4_0: score 8.7, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-29T11:15:10.987Z

Reserved: 2026-03-27T16:35:46.876Z

Link: CVE-2026-5043

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-03-29T12:15:57.937

Modified: 2026-03-29T12:15:57.937

Link: CVE-2026-5043

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-29T20:31:39Z

Weaknesses